CVE-2021-27449
published 2021-12-21

CVE-2021-27449: Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be exploited to execute commands in the web server.

Priority: P2 (61) · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 3.08% (86.0th percentile)

Affected

2 ranges

Vendor      Product     Version range       Fixed in
mesa_labs   amegaview   unspecified – 3.0   (none)
mesalabs    amegaview   <= 3.0              (none)

Detection & IOCs

cookie: default cookies used to bypass authentication in the AmegaView web application
  • CVE-2021-27449 is a command injection vulnerability in the Mesa Labs AmegaView web server (versions 3.0 and prior), exploitable by a low-privileged remote attacker (CVSS 9.9, AV:N/AC:L/PR:L). Monitor for unexpected OS command execution originating from the AmegaView web server process.
  • AmegaView authentication bypass (CVE-2021-27453) uses default cookies; inspect HTTP traffic to AmegaView for requests carrying default/unmodified cookie values that skip the normal authentication flow.
  • AmegaView privilege escalation (CVE-2021-27445) relies on insecure file permissions; monitor for unexpected privilege changes or file permission modifications on AmegaView host systems.
  • No patch will be released; Mesa Labs has scheduled AmegaView for end-of-life at end of 2021 and recommends migrating to ViewPoint software instead.
  • No known public exploits specifically target these vulnerabilities at time of advisory publication.
  • All AmegaView versions 3.0 and prior are affected across all four vulnerability classes (CVE-2021-27447, CVE-2021-27449, CVE-2021-27451, CVE-2021-27453, CVE-2021-27445).

CVSS provenance

NVD, CVSS v3.1: 8.8 HIGH — CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v2.0: 6.5 MEDIUM — AV:N/AC:L/Au:S/C:P/I:P/A:P